Chenbo Feng ec27c3568a selinux: bpf: Add selinux check for eBPF syscall operations ... Implement the actual checks introduced to eBPF related syscalls. This implementation use the security field inside bpf object to store a sid that identify the bpf object. And when processes try to access the object, selinux will check if processes have the right privileges. The creation of eBPF object are also checked at the general bpf check hook and new cmd introduced to eBPF domain can also be checked there. Signed-off-by: Chenbo Feng <fengc@google.com> Acked-by: Alexei Starovoitov <ast@kernel.org> Reviewed-by: James Morris <james.l.morris@oracle.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2017-10-20 13:32:59 +01:00
..
audit.h	SELinux: keep the code clean formating and syntax	2008-07-14 15:01:36 +10:00
avc.h	selinux: update my email address	2017-08-17 15:32:55 -04:00
avc_ss.h	selinux: update my email address	2017-08-17 15:32:55 -04:00
classmap.h	selinux: bpf: Add selinux check for eBPF syscall operations	2017-10-20 13:32:59 +01:00
conditional.h	selinux: Change bool variable name to index.	2016-04-14 11:24:50 -04:00
ibpkey.h	selinux: Add a cache for quicker retreival of PKey SIDs	2017-05-23 12:28:12 -04:00
initial_sid_to_string.h	selinux: const strings in tables	2010-03-08 09:33:53 +11:00
netif.h	selinux: make the netif cache namespace aware	2014-09-10 17:09:57 -04:00
netlabel.h	netlabel: Pass a family parameter to netlbl_skbuff_err().	2016-06-27 15:06:16 -04:00
netnode.h	selinux: reduce the number of calls to synchronize_net() when flushing caches	2014-06-26 14:33:56 -04:00
netport.h	selinux: reduce the number of calls to synchronize_net() when flushing caches	2014-06-26 14:33:56 -04:00
objsec.h	selinux: bpf: Add selinux check for eBPF syscall operations	2017-10-20 13:32:59 +01:00
security.h	selinux: update my email address	2017-08-17 15:32:55 -04:00
xfrm.h	xfrm: remove flow cache	2017-07-18 11:13:41 -07:00